JetBrains and Rapid7 in dispute: which is more important, security or transparency?

Teacher

Uncoordinated disclosure by security specialists has put the security of the software supply chain at risk.

Security researchers are increasingly observing active attempts to exploit vulnerabilities in JetBrains' TeamCity, which in some cases lead to the deployment of ransomware.

CrowdStrike is monitoring attacks that presumably use a modified version of the Jasmin ransomware. Jasmin is an open-source Red Team tool that replicates WannaCry and is designed to simulate attacks and help organizations test their defences. Attackers, however, have adapted Jasmin for malicious purposes.

One example of such a modification was a variant of the GoodWill ransomware, discovered in 2022. Instead of a standard ransom demand, victims were encouraged to perform charitable acts, such as making donations and helping children in need, in order to regain access to their files.

In addition to CrowdStrike, other researchers have also confirmed active exploitation of the two TeamCity vulnerabilities. According to the LeakIX service, attackers have already compromised more than 1,440 vulnerable TeamCity instances, creating between 3 and 300 accounts on each instance for later use. At the moment, according to Shadowserver, 1,182 vulnerable TeamCity servers are still reachable from the Internet, most of them located in the United States and Germany.

Because disclosure of the two vulnerabilities was not coordinated between JetBrains and Rapid7, which first discovered and reported the problems, everything an attacker needed to develop an exploit became public on the same day the patches were released, raising concerns about attacks on the software supply chain.

A debate has flared up in the cybersecurity community around the two companies' vulnerability disclosure policies. JetBrains has stated that it intends to give customers time to install updates before publishing bug details, while Rapid7 maintains a policy of immediate full disclosure to ensure transparency for the community. Users of TeamCity versions prior to 2023.11.4 are advised to apply the security updates as soon as possible to minimize the risk.

Recall that two vulnerabilities were discovered in JetBrains TeamCity On-Premises that could allow an attacker to take control of affected systems.

CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3) affect all versions of TeamCity On-Premises up to and including 2023.11.4. The flaws allow an unauthenticated attacker with HTTP(S) access to the TeamCity server to bypass authentication and gain administrative control over the server. Compromising the TeamCity server gives an attacker full control over all TeamCity projects, builds, agents, and artifacts, making it a convenient foothold for supply-chain attacks.
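The practical first step for a defender is to find out which of their TeamCity servers still run a version the post says should be updated (anything earlier than 2023.11.4). The script below is an added example written for this post, not JetBrains or Rapid7 code: it parses the version strings an administrator typically records (for example "2023.11.3 (build 147512)") into comparable tuples and sorts a constructed inventory into servers that need patching, servers that are current, and entries it cannot interpret. The hostnames and version strings in SAMPLE_INVENTORY are constructed for the example, and FIXED_VERSION is an assumption taken from the advice in the post.

```python
import re
from typing import Optional

# Assumption taken from the post: servers running versions earlier than
# 2023.11.4 should apply the security update. Kept as a constant so it can be
# changed if a vendor advisory names a different fixed version.
FIXED_VERSION = "2023.11.4"

# Matches "YEAR.MINOR" or "YEAR.MINOR.PATCH" at the start of the string and
# ignores anything after it, such as " (build 147512)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[tuple[int, int, int]]:
    """Turn a TeamCity version string into a comparable (year, minor, patch)
    tuple. A missing patch component counts as 0. Returns None when the input
    cannot be parsed, so callers can report it instead of guessing."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    year, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(year), int(minor), int(patch))


def needs_patch(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the version is older than the fixed release, False if it is the
    fixed release or newer, None if the version string is unreadable."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v < parse_version(fixed)


# Constructed sample inventory (hypothetical hosts and recorded version strings).
SAMPLE_INVENTORY = {
    "ci-build-01.example.internal": "2023.11.3 (build 147512)",
    "ci-build-02.example.internal": "2023.11.4 (build 147548)",
    "ci-legacy.example.internal": "2022.10.2",
    "ci-new.example.internal": "2024.03",
    "ci-unknown.example.internal": "n/a",
}


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Sort hosts into 'patch', 'ok' and 'unknown' buckets, preserving the
    inventory order so the report is stable between runs."""
    result: dict[str, list[str]] = {"patch": [], "ok": [], "unknown": []}
    for host, version_text in inventory.items():
        status = needs_patch(version_text)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["patch"].append(host)
        else:
            result["ok"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {hosts}")
```

Unparseable entries are reported separately rather than silently treated as safe, because an inventory gap on a build server that is exposed to the Internet is exactly the kind of blind spot the post's Shadowserver numbers reflect.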